Add TLS-Certificate.Serial-Number-And-Issuer#5728
Conversation
The Serial Number and Issuer is a string format defined in RFC4523 called a CertificateExactAssertion that allows a unique instance of an X509 certificate to be identified independently of the contents of the certificate. This interoperates with the SSL_CLIENT_CERT_RFC4523_CEA variable in Apache httpd's mod_ssl.
|
@ndptech did you put the DER decoder behind a toggle yet? |
|
@arr2036 The DER decoder is behind |
|
This patch isn't needed any more. The DER code will now decode any arbitrary fields in a certificate. We don't want to add more special-purpose code to v4. |
I don't follow, the Serial-Number-And-Issuer is not a field in a certificate, but rather two fields in a certificate that are escape and encoded together in a special way described in RFC4523. Right now today, neither the serial number nor the issuer is encoded in a way compatible with RFC4523, thus the need for a dedicated encoding. |
|
I'll re-open this, but the unlang in v4 allows for fairly complex manipulation of attributes. It's possible that this kind of manipulation can be done with just normal unlang. |
The Serial Number and Issuer is a string format defined in RFC4523 called a CertificateExactAssertion that allows a unique instance of an X509 certificate to be identified independently of the contents of the certificate.
This interoperates with the SSL_CLIENT_CERT_RFC4523_CEA variable in Apache httpd's mod_ssl.